
Speakers

/* No simultaneous interpretation is available; however, we try to show the slides in both English & Japanese as much as we can. */
/* [en] means English speaker, [ja] means Japanese speaker. */

[ja] THREAT OF DATA URL SCHEME - THEY ARE STILL HERE

nishimu-lla-makko (nishimunea & @llamakko_cafe)

The data: scheme is a URL scheme originally designed to embed small
images in an HTML document inline, which was standardized as RFC 2397 in
1998. However, the RFC has no mention regarding how web browsers
should handle resources with data: scheme, therefore browser vendors
have been determining its practical behavior respectively. Those gaps
have been a cause of various vulnerabilities on the web for a long
time. In 2015, it’s now still going on… In this session, we’ll first
introduce differences in handling of data: scheme among the major
browsers, and we’ll show you some real attack techniques abusing them.

This year, Stagefright vulnerabilities shocked many Android users (and caused much confusion).
In this talk, we are going to revisit the basics of technical measures to exploit such heap-based buffer overflow and technical aspects of Android, along with actual Stagefright exploitation...

For privilege escalation attacks on Windows systems, a write-what-where vulnerability in kernel land is commonly used.
The best-known technique is overwriting HalDispatchTable and then calling a corresponding internal API such as NtQueryIntervalProfile.
But this technique is dependent on the implementation of the kernel, so it is not reliable against future kernel changes.

Actually, there is a more reliable target for overwriting: the Interrupt Descriptor Table (IDT).

The trap handling mechanism by IDT is defined in the specification of the x86 CPU, so it is ensured that the IDT is used in the same manner on all versions of x86-based Windows.
I introduce how to abuse the IDT for a reliable privilege escalation attack in detail.

A few years ago I did disturb the security cluster with my incident, that I had not been able to use my internet access because of my vulnerability reports to some companies. I will talk about it and the hard luck story at which a bug hunter nods unconsciously blow by blow. There are not only fun things in a bug hunter's life; the joy side is: http://www.slideshare.net/codeblue_jp/cb14-masato-kinugawaen

Masato Kinugawa: Bug hunters that appeared to Japanese. My hobbies are listening to music and XSSing. Twitter: @kinugawamasato

[ja] EVASION TECHNIQUES A TO Z

Sh1n0g1

Have you ever spread malware widely? I have. I wrote a malware simulator which is called ShinoBOT and deployed it *legally* to 100 countries, 3000+ hosts. As expected, my malware was blacklisted. So the next thing I did was to evade not only those blacklists but also other security solutions: antivirus, IPS, URL filter, sandbox. This talk will cover how the attackers observed the security device and how they handle it, based on my experience.

There are many websites using a CMS, but attacks
against websites using a popular CMS are increasing.
WordPress websites especially are often scanned. Some of them are
defaced or used to attack other victims.
I developed gathering tools optimized for attacks against WordPress, and
a portal website to visualize attacks.
I will talk about the structure of the tools and explain payloads.

ym405nm: Yoshinori Matsumoto. A security researcher at Kobe.

[en] APT Malware: Attribute and Development

Razor Huang

Advanced persistent threat (APT) has become a critical problem. This talk will introduce you to a new APT campaign and related malware. This campaign has targeted Asian countries for more than 5 years. They developed several kinds of malware. Based on my investigation and monitoring, I am going to share their attribute and stealthy tactics with you.

Malware authors sometimes target embedded devices for their benefit,
and ATMs (Automated Teller Machines) are no exception for them. I am
going to introduce some ATM malware with the results of
reverse-engineering and demonstrate how to run them on your Windows
machine.

Information on targeted attacks includes malware, tools, C2 servers, e-mail and so on.
Based on this information, you can investigate a campaign by the C2 servers used in the campaign and the results obtained from malware analysis.
In addition, you can use the obtained information as indicators for protection.
In this session, I’d like to introduce how to collect information about the campaign and attacker of a targeted attack by OSINT.

seraph (seraph): Malware analyst / Twitter: @Seraph39

[ja][event] Attack & Defense Web Trial

Yuichi HATTORI & takahoyo

We provide an Attack and Defense trial event of a Web service.
These challenges are used at CTF for Beginners.
If you want to join this event, please bring a laptop PC with a wireless adapter.
We provide 3 rounds. You can join 1 round only.